From 0aaaa886fb70b76930fd2b1e2a72871804679b1f Mon Sep 17 00:00:00 2001
From: Tim Jackson <rpm@timj.co.uk>
Date: Jan 18 2023 22:56:18 +0000
Subject: Update to AWStats 7.9


---

diff --git a/.gitignore b/.gitignore
index f81cfd7..81997fe 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ awstats-7.0.tar.gz
 /awstats-7.6.tar.gz
 /awstats-7.7.tar.gz
 /awstats-7.8.tar.gz
+/awstats-7.9.tar.gz
diff --git a/awstats-7.0-httpd-2.4.patch b/awstats-7.0-httpd-2.4.patch
deleted file mode 100644
index 2fe23b6..0000000
--- a/awstats-7.0-httpd-2.4.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-diff -up awstats-7.0/tools/httpd_conf.http-2.4 awstats-7.0/tools/httpd_conf
---- awstats-7.0/tools/httpd_conf.http-2.4	2012-11-16 16:11:07.612386681 +0100
-+++ awstats-7.0/tools/httpd_conf	2012-11-16 16:44:24.921755562 +0100
-@@ -10,20 +10,33 @@
- 
- #
- # Directives to add to your Apache conf file to allow use of AWStats as a CGI.
--# Note that path "/usr/local/awstats/" must reflect your AWStats install path.
-+# Note that path "/usr/share/awstats/" must reflect your AWStats install path.
- #
--Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"
--Alias /awstatscss "/usr/local/awstats/wwwroot/css/"
--Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"
--ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"
-+Alias /awstatsclasses "/usr/share/awstats/wwwroot/classes/"
-+Alias /awstatscss "/usr/share/awstats/wwwroot/css/"
-+Alias /awstatsicons "/usr/share/awstats/wwwroot/icon/"
-+ScriptAlias /awstats/ "/usr/share/awstats/wwwroot/cgi-bin/"
- 
- 
- #
- # This is to permit URL access to scripts/files in AWStats directory.
- #
--<Directory "/usr/local/awstats/wwwroot">
-+<Directory "/usr/share/awstats/wwwroot">
-     Options None
-     AllowOverride None
--    Order allow,deny
--    Allow from all
-+    <IfModule mod_authz_core.c>
-+        # Apache 2.4	
-+        Require local
-+    </IfModule>
-+    <IfModule !mod_authz_core.c>
-+        # Apache 2.2
-+        Order allow,deny
-+        Allow from 127.0.0.1
-+        Allow from ::1
-+    </IfModule>
- </Directory>
-+# Additional Perl modules
-+<IfModule mod_env.c>
-+    SetEnv PERL5LIB /usr/share/awstats/lib:/usr/share/awstats/plugins
-+</IfModule>
-+
diff --git a/awstats-7.9-httpd-2.4.patch b/awstats-7.9-httpd-2.4.patch
new file mode 100644
index 0000000..a441127
--- /dev/null
+++ b/awstats-7.9-httpd-2.4.patch
@@ -0,0 +1,37 @@
+--- awstats-7.9/tools/httpd_conf.orig	2014-09-23 09:16:09.000000000 +0200
++++ awstats-7.9/tools/httpd_conf	2023-01-18 23:30:18.097762242 +0100
+@@ -10,20 +10,26 @@
+ 
+ #
+ # Directives to add to your Apache conf file to allow use of AWStats as a CGI.
+-# Note that path "/usr/local/awstats/" must reflect your AWStats install path.
++# Note that path "/usr/share/awstats/" must reflect your AWStats install path.
+ #
+-Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"
+-Alias /awstatscss "/usr/local/awstats/wwwroot/css/"
+-Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"
+-ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"
++Alias /awstatsclasses "/usr/share/awstats/wwwroot/classes/"
++Alias /awstatscss "/usr/share/awstats/wwwroot/css/"
++Alias /awstatsicons "/usr/share/awstats/wwwroot/icon/"
++ScriptAlias /awstats/ "/usr/share/awstats/wwwroot/cgi-bin/"
+ 
+ 
+ #
+ # This is to permit URL access to scripts/files in AWStats directory.
+ #
+-<Directory "/usr/local/awstats/wwwroot">
++<Directory "/usr/share/awstats/wwwroot">
+     Options None
+     AllowOverride None
+-    Order allow,deny
+-    Allow from all
++    <IfModule mod_authz_core.c>
++        Require local
++    </IfModule>
+ </Directory>
++# Additional Perl modules
++<IfModule mod_env.c>
++    SetEnv PERL5LIB /usr/share/awstats/lib:/usr/share/awstats/plugins
++</IfModule>
++
diff --git a/awstats-CVE-2020-35176.patch b/awstats-CVE-2020-35176.patch
deleted file mode 100644
index c954a95..0000000
--- a/awstats-CVE-2020-35176.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
-index e709b7f5..8341c0a5 100755
---- a/wwwroot/cgi-bin/awstats.pl
-+++ b/wwwroot/cgi-bin/awstats.pl
-@@ -1711,13 +1711,13 @@ sub Read_Config {
- 	# Check config file in common possible directories :
- 	# Windows :                   				"$DIR" (same dir than awstats.pl)
- 	# Standard, Mandrake and Debian package :	"/etc/awstats"
--	# Other possible directories :				"/usr/local/etc/awstats", "/etc"
-+	# Other possible directories :				"/usr/local/etc/awstats",
- 	# FHS standard, Suse package : 				"/etc/opt/awstats"
- 	my $configdir         = shift;
- 	my @PossibleConfigDir = (
- 			"$DIR",
- 			"/etc/awstats",
--			"/usr/local/etc/awstats", "/etc",
-+			"/usr/local/etc/awstats",
- 			"/etc/opt/awstats"
- 		); 
- 
diff --git a/awstats-CVE-2022-46391.patch b/awstats-CVE-2022-46391.patch
deleted file mode 100644
index bed1e7b..0000000
--- a/awstats-CVE-2022-46391.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/wwwroot/cgi-bin/plugins/hostinfo.pm b/wwwroot/cgi-bin/plugins/hostinfo.pm
-index 95b2c20b7..1f0ac6994 100644
---- a/wwwroot/cgi-bin/plugins/hostinfo.pm
-+++ b/wwwroot/cgi-bin/plugins/hostinfo.pm
-@@ -181,7 +181,7 @@ sub BuildFullHTMLOutput_hostinfo {
- 
- 	&tab_head("Full Whois Field",0,0,'whois');
- 	if ($w && $w->response()) {
--		print "<tr><td class=\"aws\"><pre>".($w->response())."</pre></td></tr>\n";
-+		print "<tr><td class=\"aws\"><pre>".CleanXSS($w->response())."</pre></td></tr>\n";
- 	}
- 	else {
- 		print "<tr><td><br />The Whois command failed.<br />Did the server running AWStats is allowed to send WhoIs queries (If a firewall is running, port 43 should be opened from inside to outside) ?<br /><br /></td></tr>\n";
diff --git a/awstats.spec b/awstats.spec
index 522c2ac..74fdbb2 100644
--- a/awstats.spec
+++ b/awstats.spec
@@ -1,22 +1,15 @@
 Name:       awstats
-Version:    7.8
-Release:    10%{?dist}
+Version:    7.9
+Release:    1%{?dist}
 Summary:    Advanced Web Statistics
 License:    GPLv3+
-URL:        http://awstats.sourceforge.net
-Source0:    http://downloads.sourceforge.net/project/awstats/AWStats/%{version}/awstats-%{version}.tar.gz
+URL:        https://www.awstats.org/
+Source0:    https://downloads.sourceforge.net/project/awstats/AWStats/%{version}/awstats-%{version}.tar.gz
 Source1:    %{name}.cron
 Patch0:     awstats-awredir.pl-sanitize-parameters.patch
 
 # fix configuration for httpd 2.4 (#871366)
-Patch1:     awstats-7.0-httpd-2.4.patch
-
-# https://github.com/eldy/awstats/pull/196/commits/0d4d4c05f8e73be8f71dd361dc55cbd52858b823.diff
-Patch2:     awstats-CVE-2020-35176.patch
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=2150632
-# https://github.com/eldy/AWStats/commit/38682330e1ec3f3af95f9436640358b2d9e4a965.diff
-Patch3:     awstats-CVE-2022-46391.patch
+Patch1:     awstats-7.9-httpd-2.4.patch
 
 BuildArch:  noarch
 BuildRequires:  coreutils
@@ -58,8 +51,6 @@ http://localhost/awstats/awstats.pl
 %setup -q
 %patch0 -p 1
 %patch1 -p 1
-%patch2 -p 1
-%patch3 -p 1
 
 # Fix style sheets.
 perl -pi -e 's,/icon,/awstatsicons,g' wwwroot/css/*
@@ -167,6 +158,9 @@ fi
 
 
 %changelog
+* Wed Jan 18 2023 Tim Jackson <rpm@timj.co.uk> - 7.9-1
+- Version 7.9
+
 * Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 7.8-10
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 
diff --git a/sources b/sources
index 318d463..3a8025b 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (awstats-7.8.tar.gz) = b532f74a8b420841b1ae7eea73fd341049925af01688a06114f53807c14c6a4edc4ca4f671b2b9c1aee8024ba25ccf69b6eae391250e5722d2fd719de4cf87e2
+SHA512 (awstats-7.9.tar.gz) = 1270c7486a5558a54abc7b43cd92ffcea356ff4c00271bb824758ef4f5736eff559dd38eb7bc7bff8d45efa970a60ddcc5771762a3c3a32f003b0e39c55814d9